[JBoss JIRA] (WFCORE-2186) Salted password cannot be set through CLI for Elytron filesystem-realm identity
by Michal Petrov (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2186?page=com.atlassian.jira.plugi... ]
Michal Petrov commented on WFCORE-2186:
---------------------------------------
Object notation works, i.e.
{code}
/subsystem=elytron/filesystem-realm=fsrealm/identity=admin:set-password(bcrypt={"iteration-count"=>42,"password"=>"passwrod1","salt"=>bytes{0x31,0x32,0x33}})
{code}
But given that the shorter format works for other things I assume it should work for this as well.
Note: the above command will fail to create a password; the iteration-count must be between 4 and 31 and the salt must be 16 bytes long. This one will work:
{code}
/subsystem=elytron/filesystem-realm=fsrealm/identity=admin:set-password(bcrypt={"iteration-count"=>12,"password"=>"passwrod1","salt"=>bytes{0x31,0x32,0x33,0x32,0x31,0x32,0x33,0x32,0x31,0x32,0x33,0x32,0x31,0x32,0x33,0x32}})
{code}
> Salted password cannot be set through CLI for Elytron filesystem-realm identity
> -------------------------------------------------------------------------------
>
> Key: WFCORE-2186
> URL: https://issues.jboss.org/browse/WFCORE-2186
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI
> Affects Versions: 3.0.0.Alpha16
> Reporter: Ondrej Lukas
> Assignee: Michal Petrov
>
> Password encryption/hash mechanisms which contain {{salt}} attribute for filesystem-realm identity cannot be added through CLI. {{set-password}} operation fails and finishes with failure-description "WFLYCTL0155: password may not be null" even if password was set. It seems when {{salt}} attribute with {{bytes}} value is used then {{password}} attribute is ignored by CLI.
> Following password encryption/hash mechanisms from filesystem-realm identity are affected by issue:
> - {{bcrypt}}
> - {{salted-simple-digest}}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
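
The constraints from the comment above (iteration-count between 4 and 31, salt exactly 16 bytes) can be checked before the operation is sent to the server. The following is an added example, not part of the original message or of WildFly: the function names are hypothetical, and because the page does not cover CLI quoting rules, passwords containing a quote or backslash are refused rather than escaped. It draws a random salt by default instead of reusing a fixed one.

```python
import secrets

SALT_LEN = 16               # salt length required per the comment above
COST_RANGE = range(4, 32)   # iteration-count must be between 4 and 31


def bytes_literal(data):
    """Render bytes in the bytes{0x..,0x..} notation used in the commands above."""
    return "bytes{" + ",".join(f"0x{b:02x}" for b in data) + "}"


def bcrypt_param_problems(iteration_count, salt):
    """Return a list of constraint violations; an empty list means acceptable."""
    problems = []
    if iteration_count not in COST_RANGE:
        problems.append(f"iteration-count {iteration_count} is outside 4..31")
    if len(salt) != SALT_LEN:
        problems.append(f"salt is {len(salt)} bytes, expected {SALT_LEN}")
    return problems


def set_password_command(realm, identity, password, iteration_count=12, salt=None):
    """Build the object-notation set-password operation shown on this page."""
    if salt is None:
        # Fresh random salt per identity rather than a hand-typed constant.
        salt = secrets.token_bytes(SALT_LEN)
    problems = bcrypt_param_problems(iteration_count, salt)
    if '"' in password or "\\" in password:
        # Assumption: quoting rules are not documented here, so refuse.
        problems.append("password contains a quote or backslash")
    if problems:
        raise ValueError("; ".join(problems))
    return (
        f"/subsystem=elytron/filesystem-realm={realm}/identity={identity}"
        f':set-password(bcrypt={{"iteration-count"=>{iteration_count},'
        f'"password"=>"{password}","salt"=>{bytes_literal(salt)}}})'
    )


if __name__ == "__main__":
    # The parameters of the first command on this page: both constraints fail.
    print(bcrypt_param_problems(42, bytes([0x31, 0x32, 0x33])))
    # Constructed placeholder password; realm and identity names as on the page.
    print(set_password_command("fsrealm", "admin", "example-placeholder"))
```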
[JBoss JIRA] (ELY-869) Elytron security realms cannot be used only for authorization
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-869?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina reassigned ELY-869:
------------------------------
Assignee: Jan Kalina (was: Darran Lofthouse)
> Elytron security realms cannot be used only for authorization
> -------------------------------------------------------------
>
> Key: ELY-869
> URL: https://issues.jboss.org/browse/ELY-869
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Realms
> Affects Versions: 1.1.0.Beta18
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
> Priority: Blocker
> Attachments: print-roles.war
>
>
> Scenario: I try to configure application server for scenario when different identity stores are used for authentication and authorization (e.g. username/password are stored in LDAP and roles are assigned from Database).
> In case when authentication and authorization is handled by different security realms in Elytron (i.e. aggregate realm is used) then authorization works only in case, when identity store for realm used for authorization includes the username also for authentication. See Steps to Reproduce for more details.
> We request blocker since using different identity stores for authentication and authorization is a common scenario which should be provided by Elytron. Even our documentation explicitly mentions that scenario [1]:
> ??Consider the case where users are managed in a central LDAP server and application-specific roles are stored in the application’s relational database.??
> I tried this scenario with Properties and Filesystem Realms for authentication and Properties and Ldap Realms for authorization.
> [1] https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-appli...
[JBoss JIRA] (ELY-869) Elytron security realms cannot be used only for authorization
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-869?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina moved WFLY-7878 to ELY-869:
--------------------------------------
Project: WildFly Elytron (was: WildFly)
Key: ELY-869 (was: WFLY-7878)
Component/s: Realms
(was: Security)
Affects Version/s: 1.1.0.Beta18
(was: 11.0.0.Alpha1)
> Elytron security realms cannot be used only for authorization
> -------------------------------------------------------------
>
> Key: ELY-869
> URL: https://issues.jboss.org/browse/ELY-869
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Realms
> Affects Versions: 1.1.0.Beta18
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Blocker
> Attachments: print-roles.war
>
>
> Scenario: I try to configure application server for scenario when different identity stores are used for authentication and authorization (e.g. username/password are stored in LDAP and roles are assigned from Database).
> In case when authentication and authorization is handled by different security realms in Elytron (i.e. aggregate realm is used) then authorization works only in case, when identity store for realm used for authorization includes the username also for authentication. See Steps to Reproduce for more details.
> We request blocker since using different identity stores for authentication and authorization is a common scenario which should be provided by Elytron. Even our documentation explicitly mentions that scenario [1]:
> ??Consider the case where users are managed in a central LDAP server and application-specific roles are stored in the application’s relational database.??
> I tried this scenario with Properties and Filesystem Realms for authentication and Properties and Ldap Realms for authorization.
> [1] https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-appli...
[JBoss JIRA] (WFLY-7058) JBoss CLI - CJK Character Issue
by J Prasanna Venkatesan (JIRA)
[ https://issues.jboss.org/browse/WFLY-7058?page=com.atlassian.jira.plugin.... ]
J Prasanna Venkatesan commented on WFLY-7058:
---------------------------------------------
I am using the WildFly10 that is 3 to 4 months old.
> JBoss CLI - CJK Character Issue
> -------------------------------
>
> Key: WFLY-7058
> URL: https://issues.jboss.org/browse/WFLY-7058
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 8.2.0.Final
> Reporter: J Prasanna Venkatesan
> Assignee: Darran Lofthouse
> Labels: cjk, login-module
> Attachments: cjk2.cli
>
>
> Dear All,
>
> Environment:
>
> CentOS Linux release 7.1.1503 (Core)
> /usr/java/jdk1.8.0_45/
> WildFly 8.2.0
> I am executing few LoginModule commands using file. My file name is command.cli
> Its content is
>
> {color:red}[root@cu490 temp]# cat command.cli
> /subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapExtLoginModule3:add(code=org.jboss.security.auth.spi.LdapExtLoginModule, flag=sufficient, module-options={ "java.naming.provider.url" => "ldap://a.com:389/", "java.naming.referral" => "follow", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "java.naming.security.authentication" => "simple", "bindDN" => "cn=in00655,OU=비임직원,OU=SK이노베이션,DC=test,DC=net", "bindCredential" => "xxxxxx", "baseCtxDN" => "ou=SK이노베이션,DC=test,DC=net", "baseFilter" => "(sAMAccountName={0})", "roleAttributeID" => "memberOf", "roleAttributeIsDN" => "true", "rolesCtxDN" => "DC=test,DC=net", "roleFilter" => "(member={1})", "roleRecursion" => "1", "searchTimeLimit" => "5000", "searchScope" => "SUBTREE_SCOPE", "allowEmptyPasswords" => "false", "throwValidateError" => "true" }){allow-resource-service-restart=true}
>
> [root@cu490 temp]# /opt/collabnet/teamforge/runtime/jboss/bin/jboss-cli.sh --connect --file=command.cli
> {
> "outcome" => "success",
> "response-headers" => {"process-state" => "reload-required"}
> }
> [root@cu490 temp]# vim /opt/collabnet/teamforge//runtime/jboss/standalone/configuration/standalone-full.xml{color}
>
> Content inside standalone-full.xml is
>
> {color:red}<login-module name="org.jboss.security.auth.spi.LdapExtLoginModule3" code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
> <module-option name="java.naming.provider.url" value="ldap://a.com:389/"/>
> <module-option name="java.naming.referral" value="follow"/>
> <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
> <module-option name="java.naming.security.authentication" value="simple"/>
> <module-option name="bindDN" value="cn=in00655,OU=????,OU=SK?????,DC=test,DC=net"/>
> <module-option name="bindCredential" value="xxxxxx"/>
> <module-option name="baseCtxDN" value="ou=SK?????,DC=test,DC=net"/>
> <module-option name="baseFilter" value="(sAMAccountName={0})"/>
> <module-option name="roleAttributeID" value="memberOf"/>
> <module-option name="roleAttributeIsDN" value="true"/>
> <module-option name="rolesCtxDN" value="DC=test,DC=net"/>
> <module-option name="roleFilter" value="(member={1})"/>
> <module-option name="roleRecursion" value="1"/>
> <module-option name="searchTimeLimit" value="5000"/>
> <module-option name="searchScope" value="SUBTREE_SCOPE"/>
> <module-option name="allowEmptyPasswords" value="false"/>
> <module-option name="throwValidateError" value="true"/>
> </login-module>{color}
>
> You can see instead of CJK characters we are seeing ??? in standalone-full.xml
>
> Please throw some light on this.
>
> Thanks & Regards,
> J Prasanna Venkatesan
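
In the report above the CLI returns "outcome" => "success" while the persisted bindDN and baseCtxDN are no longer the values that were sent, so the loss is only visible by comparing the two. The following is an added example, not part of the original report or of WildFly: a round-trip check over a constructed, abbreviated copy of the command.cli line and the login-module fragment, with hypothetical function names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, abbreviated from the command.cli line quoted above.
SAMPLE_CLI = (
    '/subsystem=security/security-domain=SourceForge/authentication=classic/'
    'login-module=org.jboss.security.auth.spi.LdapExtLoginModule3:add('
    'code=org.jboss.security.auth.spi.LdapExtLoginModule, flag=sufficient, '
    'module-options={ "java.naming.referral" => "follow", '
    '"bindDN" => "cn=in00655,OU=비임직원,OU=SK이노베이션,DC=test,DC=net", '
    '"baseCtxDN" => "ou=SK이노베이션,DC=test,DC=net" })'
)

# Constructed sample, abbreviated from the standalone-full.xml fragment above.
SAMPLE_XML = """\
<login-module name="org.jboss.security.auth.spi.LdapExtLoginModule3"
              code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
  <module-option name="java.naming.referral" value="follow"/>
  <module-option name="bindDN" value="cn=in00655,OU=????,OU=SK?????,DC=test,DC=net"/>
  <module-option name="baseCtxDN" value="ou=SK?????,DC=test,DC=net"/>
</login-module>"""

# Matches the quoted "name" => "value" pairs inside module-options={...}.
PAIR = re.compile(r'"([^"]+)"\s*=>\s*"([^"]*)"')


def cli_module_options(cli_line):
    """Options as they were sent in the CLI operation."""
    return dict(PAIR.findall(cli_line))


def xml_module_options(fragment):
    """Options as persisted; tags are matched by local name so a namespaced
    configuration file is handled as well as the bare fragment."""
    root = ET.fromstring(fragment)
    return {
        el.get("name"): el.get("value")
        for el in root.iter()
        if el.tag.rsplit("}", 1)[-1] == "module-option"
    }


def question_marked(value):
    """The value with every non-ASCII character replaced by '?'."""
    return "".join(c if ord(c) < 128 else "?" for c in value)


def find_lossy(cli_line, fragment):
    """Map option name -> kind of mismatch between sent and persisted value."""
    stored = xml_module_options(fragment)
    findings = {}
    for name, sent in cli_module_options(cli_line).items():
        got = stored.get(name)
        if got == sent:
            continue
        if got is None:
            findings[name] = "missing"
        elif got == question_marked(sent):
            findings[name] = "non-ascii-replaced"
        else:
            findings[name] = "different"
    return findings


if __name__ == "__main__":
    for name, kind in find_lossy(SAMPLE_CLI, SAMPLE_XML).items():
        print(f"{name}: {kind}")
```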
[JBoss JIRA] (WFLY-7880) Wildfly 10 admin console does not show log files
by Davy Steegen (JIRA)
Davy Steegen created WFLY-7880:
----------------------------------
Summary: Wildfly 10 admin console does not show log files
Key: WFLY-7880
URL: https://issues.jboss.org/browse/WFLY-7880
Project: WildFly
Issue Type: Bug
Components: Logging
Affects Versions: 10.1.0.Final
Reporter: Davy Steegen
Assignee: James Perkins
Attachments: log4j.properties
When using "per deployment logging", the WildFly 10 admin console does not show the log files that I configured in my log4j configuration (only those that are managed via the WildFly itself).
You can find an example log4j configuration in the attachments. It contains a File appender that logs in a file called client.log (relative to the WildFly log directory).
The workaround is to create a Logging Handler of type File in the admin console for each log file I want to monitor in the admin console. However, in our case the WildFly is managed by another team. We don't want to bother them each time we add a new log file.
Am I missing something or does this work as designed ?
[JBoss JIRA] (WFLY-7058) JBoss CLI - CJK Character Issue
by Jean-Francois Denise (JIRA)
[ https://issues.jboss.org/browse/WFLY-7058?page=com.atlassian.jira.plugin.... ]
Jean-Francois Denise commented on WFLY-7058:
--------------------------------------------
Did you try with latest Wildfly built from github project (https://github.com/wildfly/wildfly)? That is what I am using.
JF
[JBoss JIRA] (WFLY-7058) JBoss CLI - CJK Character Issue
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7058?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse commented on WFLY-7058:
----------------------------------------
Just cleared the security sensitive flag as this is a management model issue rather than a security exploit.
[JBoss JIRA] (WFLY-7058) JBoss CLI - CJK Character Issue
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7058?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7058:
-----------------------------------
Security: (was: Security Issue)
[JBoss JIRA] (WFCORE-2186) Salted password cannot be set through CLI for Elytron filesystem-realm identity
by Michal Petrov (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2186?page=com.atlassian.jira.plugi... ]
Michal Petrov moved WFLY-7583 to WFCORE-2186:
---------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2186 (was: WFLY-7583)
Component/s: CLI
(was: CLI)
(was: Security)
Affects Version/s: 3.0.0.Alpha16
(was: 11.0.0.Alpha1)
[JBoss JIRA] (JGRP-2152) ASYM_ENCRYPT failure on Wildfly 10.1.0
by Bela Ban (JIRA)
[ https://issues.jboss.org/browse/JGRP-2152?page=com.atlassian.jira.plugin.... ]
Bela Ban commented on JGRP-2152:
--------------------------------
Where did you add ASYM_ENCRYPT in the stack? Can you post the entire configuration?
Can you run a test with standalone JGroups using asym-encrypt.xml shipped with it, to verify this is a Wildfly issue and not a JGroups issue? A sample asym-encrypt.xml is [1].
[~rachmato]: have we ever tested ASYM_ENCRYPT in Wildfly?
[1] https://github.com/belaban/JGroups/blob/master/conf/asym-encrypt.xml
> ASYM_ENCRYPT failure on Wildfly 10.1.0
> --------------------------------------
>
> Key: JGRP-2152
> URL: https://issues.jboss.org/browse/JGRP-2152
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 3.6.10
> Reporter: Matt Wringe
> Assignee: Bela Ban
> Fix For: 4.0, 3.6.13
>
> Attachments: hawkular-metrics-1.log, hawkular-metrics-2.log
>
>
> Using ASYM_ENCRYPT on Wildfly 10.1.0 seems to be broken.
> I am using the parameters for ASYM_ENCRYPT specified in http://www.jgroups.org/manual/index.html#Security
> Note: running with SYM_ENCRYPT doesn't cause any issues and it works fine with my setup. It's only ASYM_ENCRYPT which is currently failing.
> Note: running this on EAP fails in a similar manner.
> Eg:
> <protocol type="ASYM_ENCRYPT">
> <property name="encrypt_entire_message">true</property>
> <property name="sym_keylength">128</property>
> <property name="sym_algorithm">AES/ECB/PKCS5Padding</property>
> <property name="asym_keylength">512</property>
> <property name="asym_algorithm">RSA</property>
> </protocol>
> If I run a single instance, then I don't see any problems appear in the logs. It's when I start a second instance that I start to see errors about unrecognised ciphers and timeouts.